How iSCSI packets are encapsulated and how to protect iSCSI data traffic - TechRepublic
STORAGE

How iSCSI packets are encapsulated and how to protect iSCSI data traffic

Scott Lowe answers some basic questions about iSCSI from TechRepublic readers.

By Scott Lowe | in Data Center, February 29, 2012, 10:00 PM PST

An astute TechRepublic reader followed up on a recent post about SAS, SATA and iSCSI
storage arrays (http://www.techrepublic.com/blog/networking/how-sas-and-sata-fit-in-with-the-iscsi-array/5349)
with some additional questions. Below are my answers to each one.

When iSCSI is used, how is the data encapsulated on the Ethernet?

In this case, a picture really is worth a thousand words, so take a look at Figure A below.
In it, you can see that iSCSI operates on the Session layer — layer 5 — of the ISO OSI model.
In order to be able to chat with other devices using iSCSI, the SCSI commands that are
generated at the presentation layer ultimately need to make their way down to the physical
layer. The diagram explains what happens at each layer.

Figure A

(https://tr1.cbsistatic.com/hub/i/2015/05/07/62f59b4e-f4a6-11e4-940f-14feb5cc3d2a/lowe_osi.jpg)

http://www.techrepublic.com/blog/data-center/how-iscsi-packets-are-encapsulated-and-how...
4/8/2017
Ex.1068.001
DELL

A look at how iSCSI packets are encapsulated

Is there any encryption or is this not an issue? If we have been hacked, can the iSCSI
data flow be intercepted and used in any way, or is this a moot point because of the
complexity of the data streams, particularly if there are multiple iSCSI initiators?

On its own, iSCSI traffic is not encrypted, but that doesn't mean that it's impossible to
protect iSCSI traffic from prying eyes. Many consider isolating iSCSI traffic to be a best
practice. That means that the iSCSI traffic gets its own dedicated network - either using
separate physical switches or a dedicated, non-routable VLAN - on which to operate. As
mentioned, this network is not connected to any other.

Most iSCSI systems also support the use of the Challenge Handshake Authentication
Protocol (CHAP). By using CHAP, iSCSI initiators are forced to authenticate using the
CHAP secret before they are granted access to the iSCSI target. In some cases, you can
also configure an iSCSI target to respond only to initiators that have certain attributes,
such as:

• Specific iSCSI World Wide Name (WWN)
• From a specific IP address

If you want to encrypt the iSCSI traffic - the ultimate and best protection from snooping -
you can implement IPSec for the iSCSI traffic. This
(http://www.enterprisestorageforum.com/ipstorage/features/article.php/3304621/Storage-Basics-Securing-iSCSI-using-IPSec.htm)
is a good article about that practice.
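
The CHAP check described above, as an added example that is not part of the original article: the target issues a random challenge and the initiator proves knowledge of the shared secret with an MD5 digest (RFC 1994), so the secret itself never crosses the wire. The class and function names, the initiator name and the secret are constructed for illustration, and the 12-byte minimum is an assumption based on the 96-bit guidance in the iSCSI RFCs for CHAP used without IPsec.

```python
import hashlib
import hmac
import os

MIN_SECRET_BYTES = 12  # assumption: 96-bit floor when CHAP runs without IPsec

# Constructed sample values, not taken from any real system.
INITIATOR = "iqn.2012-02.example:host1"
SECRET = b"constructed-secret-01"


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): MD5(identifier byte || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Target:
    """Target side: issues a fresh challenge per login and checks the response."""

    def __init__(self, secrets: dict[str, bytes]):
        for name, secret in secrets.items():
            if len(secret) < MIN_SECRET_BYTES:
                raise ValueError(f"CHAP secret for {name} is too short")
        self._secrets = secrets
        self._pending: dict[str, tuple[int, bytes]] = {}

    def challenge(self, initiator: str) -> tuple[int, bytes]:
        ident, chal = os.urandom(1)[0], os.urandom(16)
        self._pending[initiator] = (ident, chal)
        return ident, chal

    def verify(self, initiator: str, response: bytes) -> bool:
        pending = self._pending.pop(initiator, None)  # each challenge is single-use
        secret = self._secrets.get(initiator)
        if pending is None or secret is None:
            return False
        expected = chap_response(pending[0], secret, pending[1])
        return hmac.compare_digest(expected, response)  # constant-time compare


def login(target: Target, initiator: str, secret: bytes) -> bool:
    """Run one challenge/response round and return the target's decision."""
    ident, chal = target.challenge(initiator)
    return target.verify(initiator, chap_response(ident, secret, chal))
```

CHAP only gates the login: every SCSI command and data block that follows is still sent in the clear unless the network is isolated or IPSec is in place.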

In a virtualized environment, I'm assuming that each virtual server has its own iSCSI
initiator loaded, or can it share a single instance on a single hardware server?

When you're running systems in a virtual environment, such as under vSphere or Hyper-V,
it's generally recommended that the hosting server - the actual vSphere or Hyper-V host -
maintain the connections to the iSCSI storage. From there, the hypervisor handles what
connects to the storage. It's common, for example, to place virtual machine files, including
virtual machine hard drives, on the iSCSI storage. When this configuration is in place, the
virtual machines themselves actually have no idea at all that they are using iSCSI storage.
To them, it is just local storage.

That said, it is possible to install an iSCSI initiator from inside a virtual machine and
connect that virtual machine to a separate iSCSI target. When you do that, only that
specific virtual machine will see the iSCSI connection that was established. Be aware,
however, that doing this can introduce performance issues for that virtual machine since
that virtual machine then needs to handle all of the encapsulation activities using its own
virtual processors.

It appears that inexpensive 10GbE switches and adapters are now on the horizon.
When do you think 10GbE will be the standard?

The implementation of 10 GbE networking equipment is becoming more and more
common as prices come down. Larger organizations have been implementing 10 GbE gear
at their cores for quite some time. This trend will continue down the spectrum as more
SMBs find needs to implement ever faster networks. I believe that storage - both iSCSI and
Fibre Channel over Ethernet (FCoE) - will drive this trend in the data center; storage
performance has become an Achilles' heel for many. If I had to guess, I'd say that 10 GbE
will be the standard in data centers in the 2014 to 2015 time frame, at least for new
implementations. It will still take some time to clear out legacy 1 GbE connections.

About Scott Lowe

Since 1994, Scott Lowe has been providing technology solutions to a variety of
organizations. After spending 10 years in multiple CIO roles, Scott is now an independent
consultant, blogger, author, owner of The 1610 Group, and a Senior IT Executive w...